
Thorsten Phpmyfaq vulnerabilities

117 known vulnerabilities affecting thorsten/phpmyfaq.

Total CVEs: 117
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 37, MEDIUM 69, LOW 2

Vulnerabilities

Page 3 of 6
CVE-2026-45008 | P3 | MEDIUM | CVSS 6.5 | fixed in 4.1.2 | 2026-05-15
CVE-2026-45008 [MEDIUM] CWE-73: phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete directories outside the intended clientFolder scope.
Sources: nvd
CVE-2023-0790 | P3 | HIGH | ≥ 0, < 3.1.11 | 2023-02-12
CVE-2023-0790 [HIGH] CWE-248 Uncaught Exception in thorsten/phpmyfaq: Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: ghsa, osv
CVE-2023-4006 | P3 | HIGH | ≥ 0, < 3.1.16 | 2023-07-31
CVE-2023-4006 [HIGH] CWE-1236 phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability: Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
Sources: ghsa, osv
CVE-2024-56199 | P3 | HIGH | CVSS 7.6 | v>= 3.2.10, < 4.0.2 | 2025-01-02
CVE-2024-56199 [HIGH] CWE-79: phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled t
Sources: ghsa, nvd, osv
CVE-2022-3754 | P3 | CRITICAL | ≥ 0, < 3.1.8 | 2022-10-29
CVE-2022-3754 [CRITICAL] CWE-521 phpMyFAQ contains Weak Password Requirements: phpMyFAQ prior to version 3.1.8 has Weak Password Requirements. Version 3.1.8 introduces an eight-character minimum password length.
Sources: ghsa, osv
CVE-2026-46367 | P4 | HIGH | CVSS 7.6 | ≥ 4.1.1, < 4.1.2 | 2026-05-15
CVE-2026-46367 [HIGH] CWE-79: phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving full application takeover when visitors view affected F
Sources: nvd
CVE-2023-5865 | P4 | HIGH | ≥ 0, < 3.2.2 | 2023-10-31
CVE-2023-5865 [HIGH] CWE-613 Insufficient Session Expiration in thorsten/phpmyfaq: Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
Sources: ghsa, osv
CVE-2022-4409 | P4 | HIGH | ≥ 0, < 3.1.9 | 2022-12-11
CVE-2022-4409 [HIGH] CWE-311 phpMyFAQ has insecure HTTP cookies: phpMyFAQ contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9.
Sources: ghsa, osv
CVE-2026-32629 | P4 | MEDIUM | CVSS 6.1 | fixed in 4.1.1 | 2026-04-02
CVE-2026-32629 [MEDIUM] CWE-20: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example "alert(1)"@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email as valid. The email is stored in the databa
Sources: ghsa, nvd, osv
CVE-2026-46365 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.1.2 | 2026-05-15
CVE-2026-46365 [MEDIUM] CWE-862: phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid session cookie, resulting in permanent data loss and di
Sources: ghsa, nvd
CVE-2026-34974 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.1.1 | 2026-04-02
CVE-2026-34974 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escal
Sources: ghsa, nvd, osv
CVE-2026-34973 | P4 | MEDIUM | CVSS 5.3 | fixed in 4.1.1 | 2026-04-02
CVE-2026-34973 [MEDIUM] CWE-943: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match
Sources: ghsa, nvd, osv
CVE-2026-46361 | P4 | MEDIUM | CVSS 6.9 | fixed in 4.1.2 | 2026-05-15
CVE-2026-46361 [MEDIUM] CWE-79: phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchContro
Sources: nvd
CVE-2022-3608 | P4 | HIGH | ≥ 0, < 3.2.0-alpha | 2022-10-19
CVE-2022-3608 [HIGH] CWE-79 phpMyFAQ vulnerable to Cross-site Scripting: phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the `main` branch of the repository and anticipated to be part of version 3.2.0-alpha.
Sources: ghsa, osv
CVE-2024-28108 | P4 | MEDIUM | CVSS 6.1 | v3.2.5 | 2024-03-25
CVE-2024-28108 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doe
Sources: nvd
CVE-2025-68951 | P4 | MEDIUM | CVSS 6.1 | v>= 4.0.14, < 4.0.16 | 2025-12-29
CVE-2025-68951 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator's browser by registering a user whose display name contains HTML entities. When an administrator views the admin user list, the payload is decoded
Sources: ghsa, nvd, osv
CVE-2024-27300 | P4 | MEDIUM | CVSS 5.4 | v3.2.5 | 2024-03-25
CVE-2024-27300 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attack
Sources: nvd
CVE-2023-0792 | P4 | MEDIUM | ≥ 0, < 3.1.11 | 2023-02-12
CVE-2023-0792 [MEDIUM] CWE-94 Code Injection in thorsten/phpmyfaq: Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: ghsa, osv
CVE-2024-24574 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.2.5 | 2024-02-05
CVE-2024-24574 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.
Sources: nvd
CVE-2024-28106 | P4 | MEDIUM | CVSS 5.4 | v3.2.5 | 2024-03-25
CVE-2024-28106 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
Sources: nvd